Threat Level

High

Overview

A vulnerability has been reported in Microsoft Malware Protection Engine which could allow a remote attacker to cause the affected system to become unresponsive.

Description

A vulnerability exists in Microsoft Malware Protection Engine due to improper scanning of specially crafted files. A remote attacker could exploit this vulnerability by enticing the user to visit a malicious website or convince the user to view an email containing a crafted file. Viewing the malicious website or crafted file could lead to a scan timeout during scanning by the affected software.

Successful exploitation of the vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed leading to denial of service conditions.